chore: add lock on buildguidcache

BloodHoundAD · Oct 21, 2024 · 1e81e8c · 1e81e8c
1 parent ead8b73
commit 1e81e8c
Showing 1 changed file with 11 additions and 4 deletions.
diff --git a/src/CommonLib/Processors/ACLProcessor.cs b/src/CommonLib/Processors/ACLProcessor.cs
@@ -19,6 +19,7 @@ public class ACLProcessor {
  private readonly ILogger _log;
  private readonly ILdapUtils _utils;
  private readonly ConcurrentHashSet _builtDomainCaches = new(StringComparer.OrdinalIgnoreCase);
+ private readonly object _lock = new();
 
  static ACLProcessor() {
  //Create a dictionary with the base GUIDs of each object type
@@ -50,6 +51,14 @@ public ACLProcessor(ILdapUtils utils, ILogger log = null) {
  /// LAPS
  /// </summary>
  private async Task BuildGuidCache(string domain) {
+ lock (_lock) {
+ if (_builtDomainCaches.Contains(domain)) {
+ return;
+ }
+
+ _builtDomainCaches.Add(domain);
+ }
+
  _log.LogInformation("Building GUID Cache for {Domain}", domain);
  await foreach (var result in _utils.PagedQuery(new LdapQueryParameters {
  DomainName = domain,
@@ -82,6 +91,7 @@ private async Task BuildGuidCache(string domain) {
  _log.LogDebug("Error while building GUID cache for {Domain}: {Message}", domain, result.Error);
  }
  }
+
  }
 
  /// <summary>
@@ -227,10 +237,7 @@ public IEnumerable<string> GetInheritedAceHashes(byte[] ntSecurityDescriptor, st
  public async IAsyncEnumerable<ACE> ProcessACL(byte[] ntSecurityDescriptor, string objectDomain,
  Label objectType,
  bool hasLaps, string objectName = "") {
- if (!_builtDomainCaches.Contains(objectDomain)) {
- _builtDomainCaches.Add(objectDomain);
- await BuildGuidCache(objectDomain);
- }
+ await BuildGuidCache(objectDomain);
 
  if (ntSecurityDescriptor == null) {
  _log.LogDebug("Security Descriptor is null for {Name}", objectName);